Cybersecurity News in Asia

Features
- Featured
  
  What businesses need to know about SEO poisoning
  
  Tuesday, April 16, 2024, 4:55 PM Asia/Singapore | Features
- Featured
  
  Immutable data critical to AI projects and cyber resilience
  
  Thursday, April 11, 2024, 11:46 AM Asia/Singapore | Data Protection, Features
- Featured
  
  Preparing for the benefits and risks of quantum computing: Leap or Lag?
  
  Monday, March 18, 2024, 2:55 PM Asia/Singapore | Features
News
- Featured
  
  More RATs discovered in official Android app store
  
  Friday, April 19, 2024, 5:20 PM Asia/Singapore | News, Newsletter
- Featured
  
  When GenAI chatbots start pretending to be stupid to gain human trust…
  
  Friday, April 19, 2024, 10:06 AM Asia/Singapore | News, Newsletter
- Featured
  
  Real estate logistics provider GLP steps up to zero trust architecture
  
  Friday, April 19, 2024, 10:01 AM Asia/Singapore | Case Study, News
Opinions
Tips
Whitepapers
Awards 2023
Directory
E-Learning

News

Old undocumented BIOS bootkit now modernized for cyber-espionage

By CybersecAsia editors and webmaster webmaster | Monday, November 1, 2021, 9:15 PM Asia/Singapore

With modern computers now running on UEFI boot technology, the 10-year-old code was updated but without addressing Secure Boot safeguards.

A previously undocumented real-world UEFI bootkit that persists on the EFI System Partition (ESP) has been discovered by cyber researchers.

The bootkit (an advanced form of rootkit) can bypass Windows Driver Signature Enforcement to load its own unsigned driver, thereby facilitating espionage activities. It is the second UEFI specimen persisting on the ESP and shows how real-world UEFI threats are no longer limited to SPI flash implants as used by Lojax, which was discovered by ESET in 2018.

The current bootkit was also discovered by ESET, which has named it ESPecter. The bootkit was discovered on a compromised machine along with a user-mode client component with keylogging and document-stealing functionalities, which is why ESET believes ESPecter is mainly used for espionage.

ESPector’s roots can apparently be traced back to at least 2012: it was previously operating as a bootkit for systems with legacy BIOSes. Despite ESPecter’s long lineage, its operations and upgrade to the UEFI platform had gone unnoticed and undocumented until now, according to the researchers.

What is interesting is that the malware’s components have barely changed over all these years, and the differences between the 2012 and 2020 versions are not as significant as one would expect. After all the years of insignificant changes in system booting technology, the threat actors behind ESPecter apparently decided just moved their malware from legacy BIOS systems to modern UEFI systems.

Once ESPector has been executed at boot, its payload is a backdoor that supports a rich set of commands for various automatic data exfiltration capabilities, including document stealing, keylogging, and monitoring of the victim’s screen by periodically taking screenshots. All of the collected data is stored in a hidden directory.

Existing security mechanisms like UEFI Secure Boot, if enabled and configured correctly, can stop bootkits such as ESPecter.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Secure Access Service Edge (SASE) Solutions for Today’s Work-From-Anywhere (WFA) Environment
Organizations are turning to Secure Access Service Edge (SASE) solutions for securing remote work environments, …Download Whitepaper
Identity Has Breached the Ecosystem
This whitepaper explores the dual nature of identity in cybersecurity, emphasizing its role in both …Download Whitepaper
Fortanix Buyers Guide for Modern Key Management and Data Security
This document underscores the pressing challenges in key management and data securityDownload Whitepaper
Fortanix Data Risk Management – Using Tokenization to Secure Your Data
In today's digital world, organizations prioritize data security. To protect sensitive information, they use tokenization, …Download Whitepaper

Middle-sidebar-banner

Case Studies

Real estate logistics provider GLP steps up to zero trust architecture
With its physical and digital footprint growing, the global firm’s outdated legacy security stack has …Read more
Identity security woes now a thing of the past for Heng Leong Hang
The retail chain was grappling with numerous cyber risks in its IT infrastructure until it …Read more
Indonesia’s cyber defense agency tackles Defender’s Dilemma with new initiatives
The country’s public sector will benefit from three pillars of training, intelligence and capacity-building schemes …Read more
SingAREN showcases what a national research community needs for cyber protection
With threat actors thirsting to steal international research data, what kind of cybersecurity platform can satisfy …Read more

Cybersecurity News in Asia

Featured

What businesses need to know about SEO poisoning

Featured

Immutable data critical to AI projects and cyber resilience

Featured

Preparing for the benefits and risks of quantum computing: Leap or Lag?

Featured

More RATs discovered in official Android app store

Featured

When GenAI chatbots start pretending to be stupid to gain human trust…

Featured

Real estate logistics provider GLP steps up to zero trust architecture

Old undocumented BIOS bootkit now modernized for cyber-espionage

Related Posts

Leave a reply Cancel reply

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Middle-sidebar-banner

Case Studies

Bottom sidebar